Dovecot and Letsencrypt certs

Вадим Бажов master at remort.net
Fri Sep 8 15:53:00 EEST 2017


Dovecot seems to load certificates into memory and doesn't refresh them
until restart, or maybe reload. And this is correct logic. You'd
better add a restart/reload task to the LE cron job after the successful
renewal of the LE certificate.
Check that it really works as it should.
Dovecot shouldn't be restarted/reloaded if the certificate wasn't changed.

2017-09-08 17:47 GMT+05:00 @lbutlr <kremels at kreme.com>:
> So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate.
>
> I hopped on to the server and checked and… no, the LE certs renewed last month and are valid until November.
>
> After some moments of confusion I noticed that dovecot had been running since before the renewal, so I did a quick service dovecot restart which fixed everything.
>
> Should dovecot check for certs being refreshed? Or is this an artifact of my using symbolic links everywhere to point to the newest LE certs (which are themselves links the dehydrate script creates to point to the newest cert-1502534746.csr etc. files)?
>
> Should I just create a monthly cron to restart dovecot or is there something else?
>
> --
> Apple broke AppleScripting signatures in Mail.app, so no random signatures.
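
The advice in the reply above, as an added example that is not part of the thread: a POSIX sh renewal hook that reloads Dovecot only when the certificate content changed, then checks that the certificate served on the IMAPS port matches the file on disk. The loaded-copy path, the host argument, port 993 and the choice of `doveadm reload` as the reload command are assumptions.

```shell
#!/bin/sh
# Added example: reload Dovecot from a renewal hook only when the certificate
# content changed, then confirm the running service presents the new one.
# Assumed names (not from the thread): the "loaded copy" file and the
# arguments passed on the command line.

# reload_if_changed CERT LOADED_COPY RELOAD_CMD...
# Compares file content, so chains of symlinks to timestamped files are
# followed. Prints unchanged, reloaded, reload-failed or missing-cert.
reload_if_changed() {
    cert=$1; loaded=$2; shift 2
    [ -s "$cert" ] || { echo "missing-cert"; return 2; }
    if [ -f "$loaded" ] && cmp -s "$cert" "$loaded"; then
        echo "unchanged"; return 0
    fi
    # Record the certificate as loaded only if the reload succeeded,
    # so a failed reload is retried on the next run.
    if "$@" >/dev/null 2>&1; then
        cp "$cert" "$loaded" && echo "reloaded"
    else
        echo "reload-failed"; return 1
    fi
}

# served_matches CERT HOST [PORT]
# True when the SHA-256 fingerprint served on HOST:PORT equals that of the
# leaf certificate in CERT. Needs network access and openssl.
served_matches() {
    disk=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    live=$(openssl s_client -connect "$2:${3:-993}" -servername "$2" \
             </dev/null 2>/dev/null |
           openssl x509 -noout -fingerprint -sha256) || return 2
    [ "$disk" = "$live" ]
}

# Hook entry point (hypothetical usage): hook.sh /abs/path/cert.pem mail.example.org
case "${1:-}" in
/*)
    # /var/lib/dovecot-loaded-cert.pem is an assumed state-file location.
    result=$(reload_if_changed "$1" /var/lib/dovecot-loaded-cert.pem doveadm reload)
    echo "dovecot: $result"
    if [ "$result" = "reloaded" ]; then
        sleep 2
        served_matches "$1" "$2" ||
            echo "WARNING: dovecot is not serving the certificate on disk" >&2
    fi
    ;;
esac
```

If the warning fires after a reload, swap the reload command for a full restart and run the hook again.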

